How to survive an IBM software licence audit

While many software vendors run software license audits on customers, there are some key differences customers should be mindful of when it comes to IBM, according to a new report from advisory firm Miro Consulting.

While it's not true that IBM wants to audit every software customer it has, like most it "aggressively pursues audits of customers based on its perception of potential noncompliance," according to Miro's report, "Managing and Minimizing the Impact of an IBM Audit." Miro offers software asset management, audit and contract negotiation services.

One big difference in IBM's auditing practices is its use of outside firms such as Deloitte to perform the work. "From a cost perspective, this means that an audit by IBM is a significant undertaking by IBM as well as the audit firm and the enterprise being audited," Miro CEO Scott Rosenberg and senior analyst Sharon Trembley wrote.

While IBM therefore has an incentive to get an audit done as quickly as possible, it can still take some months for one to begin after the vendor gives a customer notice, according to the report.

If a customer is found to be out of compliance, IBM asks them to buy the right licenses and pay two years of retroactive maintenance fees, according to Miro.

One thing customers shouldn't do is take the audit process personally, as the "universal reason" for them "is simple -- to capture more legitimate revenue," the report states.

Vendors look at events in a customer's business that may have had an impact on software licensing, such as a merger or acquisition, when deciding on whether to pursue an audit. Other "triggers" include the final stretch of long-term enterprise license agreements companies have with IBM. "This is good timing for IBM because a typical IBM audit -- depending on the environment and number of IBM products in use -- takes from 12 to 18 months to complete."

Customers who get an audit letter have a few ways to minimize their pain. One is to make sure that what IBM wants to audit is allowed by terms and conditions in ELAs, according to Miro.

There's also "usually wiggle room to clarify and negotiate both the scope and timing of an IBM audit, which IBM will expect you to do," the report adds.

Customers could also perform a "self-audit" in order to gauge their level of compliance before the actual audit.

Another matter to consider is that IBM audits often initially have errors, thanks to the company's "bewildering array of software products and licensing options," Miro said. "It's up to you to notice if initial audit results are based on wrong inventories, or overlooked special terms and conditions in the ELA."

When it comes to IBM, the process of tracking each license and its related paperwork can be a tricky task for customers, the report adds.

For example, third-party software a customer has may include embedded IBM software. During an audit, customers will have to prove they already paid for it.

Other tricky areas include the rules IBM uses for software running on standby, as well as "misidentified hardware," the report states. "A lot of IBM software is licensed according to the hardware it runs on."

Overall, software vendors are justified in doing audits, since they protect intellectual property and collect money to which they're entitled, Forrester Research analyst Duncan Jones said this week via email.

"But sometimes the pressure on an individual salesperson to deliver results can drive them to creative interpretation of gray areas and over-enthusiastic enforcement of small print," Jones added. "My advice to clients is therefore to recognize an individual's motivation and be quick to escalate within the vendor organization if they believe that individual is being unfair or unreasonable. "

Like Miro's report, Jones recommended that customers implement software license tools. "Most compliance groups' main target is companies who are deliberately or recklessly under-licensed, so an audit will be much smoother if you can show you've been diligent," he said. "It will also strengthen your case should you need to escalate an issue created by an over-enthusiastic rep."

An IBM spokeswoman didn't respond to a request for comment on the company's auditing practices.

Microsites

Featured

Slideshows

The making of an MSSP: a blueprint for growth in NZ

Partners are actively building out security practices and services to match, yet remain challenged by a lack of guidance in the market. This exclusive Reseller News Roundtable - in association with Sophos - assessed the making of an MSSP, outlining the blueprint for growth and how partners can differentiate in New Zealand.

Reseller News Platinum Club celebrates leading partners in 2018

The leading players of the New Zealand channel came together to celebrate a year of achievement at the inaugural Reseller News Platinum Club lunch in Auckland. Following the Reseller News Innovation Awards, Platinum Club provides a platform to showcase the top performing partners and start-ups of the past 12 months, with more than ​​50 organisations in the spotlight.​​​

Meet the top performing HP partners in NZ

HP has honoured its leading partners in New Zealand during 2018, following 12 months of growth through the local channel.
Unveiled during the fourth running of the ceremony in Auckland, the awards recognise and celebrate excellence, growth, consistency and engagement of standout Kiwi partners.

Related Whitepapers

Copyright 2018 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.